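public async Task StoreTokenAsync_WhenTokenWasGenerated_AssertProtectWasCalledOnDataProtectorWithTokenByteArray()
{
    // Arrange: a freshly generated refreshable token, handed to the helper in its base64 form.
    ITokenHelper sut = CreateSut();
    IRefreshableToken token = new RefreshableToken(_fixture.Create<string>(), _fixture.Create<string>(), _fixture.Create<string>(), _fixture.Create<DateTime>());
    HttpContext httpContext = CreateHttpContext();
    string base64Token = token.ToBase64();

    // The bytes the data protector must be asked to protect. Computed once, up front; the token
    // is handed to the helper only as a base64 string, so it is not mutated by the call under test.
    byte[] expectedBytes = token.ToByteArray();
    string expectedBytesAsBase64 = Convert.ToBase64String(expectedBytes);

    // Act
    await sut.StoreTokenAsync(httpContext, base64Token);

    // Assert: Protect was called exactly once, with a byte array identical to the token's.
    // The comparison is done on a lossless base64 rendering of the bytes rather than by
    // UTF-8-decoding them: decoding replaces invalid sequences with U+FFFD, so two different
    // byte arrays could decode to the same string and let a wrong payload pass this check.
    _dataProtectorMock.Verify(
        m => m.Protect(It.Is<byte[]>(value => value != null && string.CompareOrdinal(Convert.ToBase64String(value), expectedBytesAsBase64) == 0)),
        Times.Once);
}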
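public void ConfigureServices(IServiceCollection services)
{
    NullGuard.NotNull(services, nameof(services));

    // Names shared by several registrations below; kept in one place so the data-protection
    // application name and the two cookie scheme names cannot drift apart between handlers.
    const string applicationName = "OSDevGrp.OSIntranet.Mvc";
    const string internalScheme = "OSDevGrp.OSIntranet.Internal";
    const string externalScheme = "OSDevGrp.OSIntranet.External";

    // One persisted key ring shared by all four authentication handlers. Previously each handler
    // called DataProtectionProvider.Create(...) separately; every call spins up its own key
    // manager over the same default key store, and on a cold start independent managers may each
    // mint a default key before noticing the others'. A single shared instance avoids that and the
    // duplicated file watchers. Note this provider is distinct from the ephemeral one registered
    // in DI below.
    var authenticationDataProtectionProvider = DataProtectionProvider.Create(applicationName);

    services.Configure<ForwardedHeadersOptions>(opt =>
    {
        opt.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
        // NOTE(review): clearing KnownNetworks and KnownProxies makes the middleware honour
        // X-Forwarded-For / X-Forwarded-Proto from ANY immediate peer, so a client that can reach
        // Kestrel directly can spoof its remote address and scheme. This is only acceptable while
        // the app is reachable solely through a trusted reverse proxy - confirm the deployment,
        // or register that proxy's address here instead of trusting everyone.
        opt.KnownNetworks.Clear();
        opt.KnownProxies.Clear();
    });

    services.Configure<CookiePolicyOptions>(opt =>
    {
        opt.CheckConsentNeeded = context => true;
        // NOTE(review): SameSite=None cookies are accepted by current browsers only when they also
        // carry the Secure flag, and SameAsRequest omits that flag on plain HTTP. Consider
        // CookieSecurePolicy.Always once HTTPS is enforced end to end.
        opt.MinimumSameSitePolicy = SameSiteMode.None;
        opt.Secure = CookieSecurePolicy.SameAsRequest;
    });

    // The DI-registered data-protection provider is ephemeral: keys live in memory only, are lost
    // on restart and are not shared between instances, so anything protected through the injected
    // IDataProtectionProvider (as opposed to the cookie handlers, which use the persisted provider
    // above) does not survive a restart.
    // NOTE(review): the 30-day key lifetime is presumably ineffective with the ephemeral provider,
    // which manages its own keys - verify before relying on it.
    services.AddDataProtection()
        .SetApplicationName(applicationName)
        .UseEphemeralDataProtectionProvider()
        .SetDefaultKeyLifetime(new TimeSpan(30, 0, 0, 0));

    services.AddAntiforgery();

    // MVC with the token-acquisition filter applied globally, plus the project's JSON converters.
    services.AddControllersWithViews(opt => opt.Filters.Add(typeof(AcquireTokenActionFilter)))
        .AddJsonOptions(opt =>
        {
            opt.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter());
            opt.JsonSerializerOptions.Converters.Add(new DecimalFormatJsonConverter());
            opt.JsonSerializerOptions.Converters.Add(new NullableDecimalFormatJsonConverter());
            opt.JsonSerializerOptions.DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull;
        });
    services.AddRazorPages();

    // Authentication: the internal cookie is the application session; the external cookie is the
    // short-lived sign-in scheme that the Microsoft and Google handlers sign into.
    services.AddAuthentication(opt =>
        {
            opt.DefaultScheme = internalScheme;
            opt.DefaultSignInScheme = externalScheme;
        })
        // Application session cookie, 60 minutes.
        .AddCookie(internalScheme, opt =>
        {
            opt.LoginPath = "/Account/Login";
            opt.LogoutPath = "/Account/Logoff";
            opt.ExpireTimeSpan = new TimeSpan(0, 60, 0);
            // NOTE(review): SameSite=None without an unconditional Secure flag - see the
            // CookiePolicyOptions note above; the same applies to every cookie configured here.
            opt.Cookie.SameSite = SameSiteMode.None;
            opt.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
            opt.DataProtectionProvider = authenticationDataProtectionProvider;
        })
        // External sign-in cookie, 10 seconds: carries the provider identity from the callback to
        // the application's own sign-in and is not meant to outlive that hand-off.
        .AddCookie(externalScheme, opt =>
        {
            opt.LoginPath = "/Account/Login";
            opt.LogoutPath = "/Account/Logoff";
            opt.ExpireTimeSpan = new TimeSpan(0, 0, 10);
            opt.Cookie.SameSite = SameSiteMode.None;
            opt.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
            opt.DataProtectionProvider = authenticationDataProtectionProvider;
        })
        .AddMicrosoftAccount(opt =>
        {
            opt.ClientId = Configuration["Security:Microsoft:ClientId"];
            opt.ClientSecret = Configuration["Security:Microsoft:ClientSecret"];
            opt.SignInScheme = externalScheme;
            opt.CorrelationCookie.SameSite = SameSiteMode.None;
            opt.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
            // Tokens are kept in the authentication ticket; offline_access is requested so a
            // refresh token is issued alongside the Graph access token.
            opt.SaveTokens = true;
            opt.Scope.Clear();
            opt.Scope.Add("User.Read");
            opt.Scope.Add("Contacts.ReadWrite");
            opt.Scope.Add("offline_access");
            // Store the Graph token pair, with an absolute UTC expiry, on the ticket so the token
            // helper can pick it up later. If the provider omits expires_in the expiry becomes
            // UtcNow + 0 s, i.e. the token is already expired when stored - presumably forcing a
            // refresh on first use; confirm against the token helper.
            opt.Events.OnCreatingTicket += o =>
            {
                double seconds = o.ExpiresIn?.TotalSeconds ?? 0;
                IRefreshableToken refreshableToken = new RefreshableToken(o.TokenType, o.AccessToken, o.RefreshToken, DateTime.UtcNow.AddSeconds(seconds));
                o.Properties.Items.Add($".{TokenType.MicrosoftGraphToken}", refreshableToken.ToBase64());
                return Task.CompletedTask;
            };
            opt.DataProtectionProvider = authenticationDataProtectionProvider;
        })
        .AddGoogle(opt =>
        {
            opt.ClientId = Configuration["Security:Google:ClientId"];
            opt.ClientSecret = Configuration["Security:Google:ClientSecret"];
            opt.SignInScheme = externalScheme;
            opt.CorrelationCookie.SameSite = SameSiteMode.None;
            opt.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
            opt.DataProtectionProvider = authenticationDataProtectionProvider;
        });

    // Claim-based authorization policies; each policy requires the presence of one claim type.
    services.AddAuthorization(opt =>
    {
        opt.AddPolicy("SecurityAdmin", policy => policy.RequireClaim(ClaimHelper.SecurityAdminClaimType));
        opt.AddPolicy("Accounting", policy => policy.RequireClaim(ClaimHelper.AccountingClaimType));
        opt.AddPolicy("CommonData", policy => policy.RequireClaim(ClaimHelper.CommonDataClaimType));
        opt.AddPolicy("Contacts", policy => policy.RequireClaim(ClaimHelper.ContactsClaimType));
    });

    services.AddHealthChecks();

    // Command/query buses and handlers are discovered from the business-logic assembly.
    services.AddCommandBus().AddCommandHandlers(typeof(AuthenticateCommandHandlerBase<,>).Assembly);
    services.AddQueryBus().AddQueryHandlers(typeof(AuthenticateCommandHandlerBase<,>).Assembly);
    services.AddEventPublisher();
    services.AddResolvers();
    services.AddDomainLogic();
    services.AddRepositories();
    services.AddBusinessLogicValidators();
    services.AddBusinessLogicHelpers();

    // Web-layer services. The token helper uses the injected (ephemeral) IDataProtectionProvider.
    services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
    services.AddTransient<IPrincipalResolver, PrincipalResolver>();
    services.AddTransient<ITrustedDomainHelper, TrustedDomainHelper>();
    services.AddTransient<ITokenHelperFactory, TokenHelperFactory>();
    services.AddTransient<ITokenHelper, MicrosoftGraphTokenHelper>();
}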